IT security researchers have discovered that more than 20 different Linksys router models are leaving thousands of devices vulnerable to outside attacks.
Tao Sauvage, a senior security consultant for IOActive, along with Antide Petit, an independent researcher, disclosed the existence of these bugs, which were first discovered last year. Their blog post states that about 10 vulnerabilities in 20 different models have left thousands of devices vulnerable to cyber-attacks. And yes, these devices are already spread throughout the world.
The flaws in question allow an attacker to overload the routers and force them to reboot. This creates a DoS (denial-of-service) condition that leaves regular users unable to use the device.
The bugs also give attackers the chance to bypass CGI scripts, steal private information and even manipulate restricted settings. On top of that, attackers who use this method can execute commands with root privileges and create backdoor accounts that can be used for persistent access and that would not be visible in the router’s smart management console.
List of vulnerable routers:
EA2700, EA2750, EA3500, EA4500v3, EA6100, EA6200, EA6300, EA6350v2, EA6350v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500, WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM.
In an attempt to gauge the impact of the flaws, the researchers calculated that over 7,000 devices were vulnerable at the time of the search. Luckily, routers that are protected by network guards like firewalls and similar methods can be considered safe.
The problem is that the security company found that almost 11% of the flawed routers still use default credentials, which any hacker knows how to exploit to gain access even without the flaws. The researchers have even published the list of router models that are flawed.
Most of these routers can be found in the US, which accounts for 69% of them. Other countries with a high number of flawed routers include Canada, Hong Kong, Chile, the Netherlands, Venezuela, Argentina, and Russia. Each of these countries has 1% or more of the flawed routers, while 13% of the devices are spread around the other countries of the world, with less than 1% per country.
Upon discovering the flaws back in January, IOActive contacted Linksys and warned that it had three months to patch the devices before the information went public. Linksys did what it could, and in March it issued a customer advisory warning customers of the problem and giving instructions on how to deal with it until a more permanent solution arrives.
The advisory has been released, and the update that will fix the problems is expected in the coming weeks. Linksys has also stated that it understands the challenge of reaching every one of its users, which is exactly why it created the advisory, so that users would be safe until the real fix is issued.
Once the patch is available, IOActive will publish more details concerning the issue.
Back in January, similar bugs were discovered in SOHO devices and also in enterprise D-Link routers, which leaves both regular users and corporate networks at risk. That discovery revealed that these routers have over 50 vulnerabilities in need of a fix.